Many community financial institutions experienced substantial balance sheet growth during the pandemic as a result of economic stimulus and the corresponding growth in deposits. While banks may be back to pre-pandemic growth rates, management should be diligent in monitoring triggers for additional regulatory requirements with budgets and strategic initiatives. 

The Federal Deposit Insurance Corporation Improvement Act (FDICIA) threshold under Part 363 can have significant effects on operating and reporting requirements. The FDICIA regulatory requirements go into effect for those institutions with $500 million or more in total assets. Additional requirements become effective once a bank reaches $1 billion in total assets. 

Requirements By Tier

FDICIA reporting requirements follow a tiered system based on the bank’s total assets as of the beginning of your fiscal year. These requirements include a combination of financial statements, audit reports and management reports.

Audited, comparative financial statements and a corresponding independent public accountant’s report on the audited financial statements are required for all banks under Part 363. Further, management is required to provide a report regarding its responsibilities and certain conclusions with respect to internal controls and compliance with designated laws and regulations. Once your bank crosses the $1 billion asset threshold, an assessment of the effectiveness of internal controls over financial reporting is also required as part of the annual reporting package submitted to the Federal Deposit Insurance Corporation (FDIC). 

The following elements are required based on the size of the bank.

Audit Committee Considerations

FDICIA requires each bank to establish an independent Audit Committee of its board of directors that is comprised of outside directors. An outside director is defined as a director who is not, and within the preceding year has not been, an officer or employee of the bank or any of its affiliates. 

For banks with total assets of $500 million but less than $1 billion, the majority of the Audit Committee’s members should be independent of management.

For banks with total assets of $1 billion or more, all Audit Committee members should be outside directors who are independent of management. 

When the bank has total assets over $3 billion as of the beginning of its fiscal year, the Audit Committee should further include members with banking or related financial management expertise, should have access to its own outside counsel and should not include any large customers. 

When a bank’s total assets as of the beginning of its fiscal year require compliance with the aforementioned requirements, no regulatory action will be taken if the bank (1) develops and approves written plan for compliance and (2) forms or restructures its Audit Committee to comply with Part 363 by the end of that fiscal year.

FDICIA Readiness 

It’s important to start planning 18 to 24 months in advance to ensure your bank is ready to implement the requirements of FDICIA. We recommend you consider the following.

Auditor Independence and Review of Non-Audit Services 
The independent public accountant must comply with the independence standards and interpretations of the American Institute of Certified Public Accountants (AICPA), the Securities and Exchange Commission (SEC), and the Public Company Accounting Oversight Board (PCAOB) for all banks, regardless of whether the bank is a public company. 

SEC and PCAOB standards are generally more restrictive than AICPA standards with respect to permissible non-audit services. As your bank nears the $500 million total asset threshold, it is important to keep inventory of the services performed by the independent public accountant and to determine whether those services remain permissible under the SEC and PCAOB independence standards.

As a result, your independent external auditor can’t perform certain non-attest services that include:

• Bookkeeping and financial statement preparation.
• Designing and implementing financial information systems.
• Appraisal or valuation services.
• Actuarial services.
• Internal audit services.
• Tax return preparation for individuals who oversee financial reporting.

Review Oversight Responsibilities with the Board of Directors 
As your bank approaches the applicable asset thresholds, you should consider the existing composition of the board of directors and its Audit Committee. Once your bank reaches $500 million in total assets, it is required to have an independent Audit Committee. 

The board of directors of each institution should determine whether each existing or potential Audit Committee member meets the requirements of Part 363. To do so, the board of directors should maintain an approved set of written criteria for determining whether a director who is to serve on the Audit Committee is an outside director and is independent of management. At least annually, the board of each institution should determine whether each existing or potential Audit Committee member is an outside director. The minutes of the board of directors should contain the results of and the basis for its determinations with respect to each existing and potential Audit Committee member.

The Audit Committee should perform all duties determined by the institution’s board of directors and it should maintain minutes and other relevant records of its meetings and decisions. The duties of the Audit Committee should be appropriate to the size of the institution and the complexity of its operations, and, at a minimum, should include the appointment, compensation and oversight of the independent public accountant, reviewing with management and the independent public accountant the basis for their respective reports issued under Part 363. Additional responsibilities include: 

• Reviewing with management and the independent public accountant the scope of services required by the audit, significant accounting policies, and audit conclusions regarding significant accounting estimates;
• Reviewing with management and the accountant their assessments of the effectiveness of internal control over financial reporting, and the resolution of identified material weaknesses and significant deficiencies in internal control over financial reporting, including the prevention or detection of management override or compromise of the internal control system;
• Reviewing with management the institution’s compliance with the designated laws and regulations.
• Discussing with management and the independent public accountant any significant disagreements between management and the independent public accountant; and
• Overseeing the internal audit function.

The institution’s board and Audit Committee should exercise their own judgment in evaluating management’s FDICIA competence. Management needs to have the ability to make the assessments included in management’s report, including an understanding of the entity and its control environment and sufficient oversight over the operations of the institution. Additional members of management may be needed to supplement the knowledge and experience of existing members of management, particularly with respect to internal controls and risk assessment.